Privacy policy

How EVEDA Pty Ltd collects, uses, stores, and protects your personal and health information.

This Privacy Policy sets out how EVEDA Pty Ltd ABN 17 658 197 418 ACN 658 197 418 ("EVEDA", "we", "our", or "us") protects the privacy of your personal information. This Policy is subject to the General Data Protection Regulation 2016/679 ("GDPR") if you are based in the European Union or UK during your interactions with us ("EU Individual").

1. Scope

This Privacy Policy applies to the collection, holding, use and disclosures of personal and sensitive information provided about individuals to EVEDA through the use of the website, https://www.eveda.com.au ("the website"), other applications related to EVEDA, and any services offered or provided by EVEDA ("services"). In this Privacy Policy, we also explain how you can contact us if you have a query about any personal or sensitive information that we may be holding about you. If you are an EU Individual, please refer to sections 19 and 20, which deal with matters specific to EU Individuals.

2. Acknowledgement

By continuing to use the website and/or services or when you purchase services from EVEDA, you acknowledge that you have had the opportunity to read this Privacy Policy. You also acknowledge and consent to EVEDA collecting, holding, and disclosing personal information supplied by you and retaining and/or using your personal information subject to the terms of this Privacy Policy, the website, any terms and conditions that apply to any services that we provide to you, and any other applicable contracts or laws. If you provide us with personal and/or sensitive information of a third party individual, you will be responsible for bringing the existence of this Privacy Policy to their attention and obtaining their consent for their personal or sensitive information to be provided to EVEDA for the purposes indicated in this Privacy Policy or as otherwise indicated at the time of collection.

3. Purpose

The purpose of this Privacy Policy is to clearly communicate the personal and sensitive information handling practices of EVEDA, enhance the transparency of EVEDA's information collection processes, and give individuals a better understanding of the sort of personal information that EVEDA collects, and the way EVEDA handles and stores that information.

4. Personal information

"Personal information" has the same meaning as defined by section 6 of the Privacy Act 1988 (Cth): information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not. Personal information we may collect includes your name, address, date of birth, contact telephone number(s), email address, organisational affiliation, employment details, billing and payment information, and any other information necessary for the delivery of our services.

5. Sensitive information

"Sensitive information" has the same meaning as defined by section 6 of the Privacy Act, and may include details or an opinion about your health information. We will only collect your sensitive information with your consent and where information is reasonably necessary for one or more of our services. We will only use and disclose your sensitive information for the primary purpose for which it was collected or a purpose that is directly related to this primary purpose and is reasonably expected. You consent to the use and disclosure on this basis. If for example we have collected information about any medical conditions you are suffering, then you consent to us disclosing this information to our service providers if they reasonably have a need to know such information in order to safely supply services for your benefit. We will not otherwise collect, use or disclose sensitive information about you unless required to do so by law.

6. How we collect information

EVEDA collects personal and sensitive information through a variety of channels, including when you: undergo a health screening or diagnostic assessment using any of our devices or systems; register for or use any of our digital health platforms or mobile applications; participate in an employer, corporate, government, or community health program facilitated by EVEDA; attend a health screening event; engage in a telehealth or video consultation through our platforms; correspond with EVEDA in person, by telephone, email, mail, or through our website; submit an enquiry, register interest, or request information; enter into a service agreement or contract with EVEDA; or provide information through social media or third-party channels.

We may also receive personal information from third parties, including your employer (in the context of a workplace health program), your healthcare provider, government agencies, or partner organisations, where you have consented to such sharing or where required by law. If you do not consent to the collection of your information, we may not be able to provide our services to you.

7. Cookies

Cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session. To ensure we are meeting the needs and requirements of our website users, and to continue to develop our online services, we may collect aggregated information through the use of cookies. We may use cookies to collect data about your visit and to allow you to navigate from page to page without having to reload each time. You may control, refuse and/or delete cookies by using the appropriate setting on your browser as you wish; however, if you do so, you may be unable to access portions of our website.

8. Use of personal information

Personal and health information collected by EVEDA will be used for the purpose for which it was provided, for directly related purposes, for purposes you have consented to, or as otherwise permitted by law. This includes, but is not limited to: delivering health screening and diagnostic services; generating your personal health reports and records; facilitating clinical consultations with healthcare providers; managing your health record within our digital platforms; enabling communication between you and your nominated healthcare providers; administering employer, government, or community health programs; improving the quality and safety of our services; complying with regulatory, legal, and reporting obligations; and communicating with you about our services.

9. De-identified and aggregated data

EVEDA may use de-identified, aggregated data for population health analytics, research, service improvement, and reporting purposes. De-identified data has been processed to remove any information that could reasonably be used to identify an individual. Aggregation thresholds are applied to prevent re-identification. Organisations that commission health programs through EVEDA receive only population-level insights, including health risk scores, demographic trends, and program effectiveness metrics. Individual patient records are never accessible through our analytics services. Your identity is not exposed through any population-level reporting.

10. Direct marketing

We may contact you using the contact details which you provide to us to provide you with direct marketing communications about our services (in accordance with the permitted limits of the law). You may opt out of receiving direct marketing communications from us at any time by contacting us using the details set out below or by functionality within such communications.

11. Disclosure

We may disclose personal and/or sensitive information to: our directors, officers, employees, and related entities; contracted healthcare practitioners, clinical staff, and medical consultants engaged in delivering our services; your nominated healthcare provider, with your consent; organisations that commission health programs (only de-identified, aggregated data); contracted service providers who assist in delivering our services, including cloud hosting providers, technology partners, and maintenance providers; payment processors and financial service providers; government, regulatory, and law enforcement agencies where required or authorised by law; and our professional advisors, including accountants, auditors, and lawyers. In all cases, we prohibit third parties from using your personal information except for the specific purpose for which we provide it.

12. Data ownership

EVEDA believes that individuals should own and control their health data. Where health data is generated through our diagnostic and screening services, that data belongs to the individual. You control who can access your records through our digital platforms. Organisations that commission health programs cannot access individual records. The sharing of your health information with healthcare providers requires your explicit consent.

13. Overseas disclosure

We may disclose personal and/or sensitive information to overseas recipients in order to provide services. Generally, we will only disclose your personal information to these overseas recipients in connection with our services such as facilitation or fulfilment of your service engagement and/or to enable the performance of administrative and technical services by them on our behalf.

14. Storage, security, and technical measures

EVEDA takes the security of your personal and health information seriously. We implement technical and organisational measures to protect the information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include, but are not limited to: encrypted data transmission and storage; role-based access controls and audit trails; ISO 27001 certified information security management; regular security assessments and penetration testing; staff training on privacy and data handling obligations; physical security controls at all facilities; and incident response and disaster recovery procedures. Our systems are designed and maintained to meet the requirements of applicable health data security standards, including HIPAA and the Australian Privacy Principles.

15. Access and correction

You may request access to your personal and health information at any time by contacting us using the details below. Where we provide digital health platforms, you may also access your records directly through those platforms. If you believe that any information we hold about you is inaccurate, out of date, or incomplete, you may request a correction.

16. Automated decision-making

EVEDA may use automated processes to generate health risk scores, clinical alerts, and population health insights based on information we collect. These processes are designed to support, not replace, clinical decision-making by qualified healthcare professionals. Where automated processing is used in a way that could reasonably be expected to significantly affect your rights or interests, we will disclose this in accordance with applicable law, including the Privacy and Other Legislation Amendment Act 2024 (Cth). You may contact us to request information about the logic involved in any automated decision that affects you.

17. Children and young people

Where our services involve the collection of personal or health information from children or young people under the age of 18, we will obtain consent from a parent or legal guardian before collecting such information. We take additional care to protect the privacy of minors and ensure that information is collected, used, and disclosed only as necessary to deliver the relevant health services.

18. Links to external websites

Our website and platforms may contain links to external websites. EVEDA is not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external site you visit.

19. Changes to this Privacy Policy

This is our current Privacy Policy. Please note that we reserve the right to amend, modify, remove, or vary this Privacy Policy at any time and without notice. You should check this page regularly to take notice of any changes we may have made to this Policy. To obtain a current version of our privacy policy, please contact EVEDA via the contact details below.

20. GDPR compliance

If you are a resident of the European Union (or following Brexit, you are a resident of the UK and the UK has laws equivalent to the GDPR in effect), you have certain rights and protections under the GDPR regarding the processing of your personal data. This section sets out the additional information that we are required to provide to you under the GDPR. Where the GDPR applies, the meaning of "personal information" has the same meaning as "personal data" and the meaning of "sensitive information" will apply as information concerning the processing of special categories of personal information ("sensitive data") under the GDPR. For the purposes of the GDPR we will either be the "data processor" or "data controller" for any personal information you provide to us in connection with our relationship. We rely on lawful means of processing your personal data, including where it is necessary to fulfil a contract with you, where you have given us valid consent to use your personal data, and where it is to further our legitimate interests.

21. Your rights as an EU or UK resident

Under certain circumstances or if you are a resident of the European Union or UK, you have various rights under the GDPR in relation to your personal information, including the right to: be informed; access information; rectification; object/withdraw consent; restriction of processing; erasure or to be forgotten; data portability; and not be subject to automated processing. To exercise any of these rights please contact EVEDA via the contact details set out below.

22. Withdrawing your consent

You can withdraw your consent to our collection or processing of your personal data. You can do so by contacting us or by opting out of email newsletter communications by following the instructions in those emails or by clicking unsubscribe. If you withdraw your consent to the use of your personal data, you may not have access to our services, and we might not be able to provide you with our services. In some circumstances, where we have a legal basis to do so, we may continue to process your information after you have withdrawn consent, for example if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.

23. Contact

If you have any questions or concerns about how we handle your personal or sensitive information, or if you wish to access or amend personal and/or sensitive information we hold about you, please make a request in writing. All correspondence should be directed to:

Attention: EVEDA Operations Manager
Post: Suite 10, 397 Smith Street, Fitzroy, Victoria 3065, Australia
Email: info@eveda.com.au
Phone: +61 (03) 9900 8888

If you decide to contact us for any of the reasons above, we request that you provide us with sufficient details regarding your reason for getting in touch with us. We note that, if necessary, we will ask you to provide us with a copy of your ID, passport or other valid identity document.

24. Complaints

If you have any enquiries about this Privacy Policy or wish to make a complaint about a matter relating to privacy, please contact us using the details set out above. We will investigate and consider any complaint received by us, and a response will be provided to the complainant as soon as practicable.

Last updated: April 2026